Configure Jenkins with NGINX for SSL

I like Jenkins for its flexibility and ease of use. Recently I setup up a continuous integration (CI) system for one of my projects. But I wasn't comfortable making it public without https.

After comparing few options, I choose Let's Encrypt to get the SSL certificate. It has nice tools and its free. In this post, I used my domain https://ci.shahed.ca but you can simply replace it with your one.

Installing Jenkins on Ubuntu 16.04

First, we need to install Java. It is a pre-requisite for Jenkins.
sudo apt-get install default-jdk

Then, download and install Jenkins

echo deb https://pkg.jenkins.io/debian-stable binary/ | sudo tee /etc/apt/sources.list.d/jenkins.list
sudo apt-get update
sudo apt-get install jenkins
sudo systemctl start jenkins

Jenkins should be running now. Lets setup the NGINX as proxy and SSL for https first. Then we will configure Jenkins.

Installing NGINX

Simply update and run the install command for NGINX:
sudo apt update
sudo apt install nginx
Thats it. The web server should be running and show the default NGINX page at http://localhost.

Now, Lets configure the proxy. We need to point our domain (ci.shahed.ca) to local instance of Jenkins (by default its running on localhost:8080):

server {
    listen 80;
    server_name ci.shahed.ca;
    access_log /var/log/nginx/ci.shahed.ca.log; 
    error_log /var/log/nginx/ci.shahed.ca-error.log;
    location / {
        proxy_pass http://localhost:8080;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_cache_bypass $http_upgrade;
        client_max_body_size 10m;
        client_body_buffer_size 128k;
        proxy_connect_timeout 90;
        proxy_send_timeout 90;
        proxy_read_timeout 90;
    }
}

The Jenkins site is now available at http://ci.shahed.ca. The last step is to configure SSL certificate so that we can use the https://.

Configure SSL from Let's Encrypt

Let's Encrypt provides a bot to simplify the certificate installation process. The following scripts install the bot: (more details ...).

$ sudo add-apt-repository ppa:certbot/certbot
$ sudo apt-get update
$ sudo apt-get install certbot
$ sudo apt install python-certbot-nginx

Finally, use the certbot to add SSL for our domain. This require manual input to accept the terms. Then it will add the SSL certificates on the server. (Please confirm that your DNS for the domain is pointing to this server IP).

$ sudo certbot --nginx -d ci.shahed.ca

Thats it! The bot will make the necessary changes in the nginx proxy settings to add the certificate. The Jenkins site is now available at: https://ci.shahed.ca

Start Jenkins for the first time

The first time we start Jenkins it will show the following screen and ask for the auto-generated password.
Screen-Shot-2018-09-27-at-8.37.00-PM
We can get the password from this path:

cat /var/jenkins_home/secrets/initialAdminPassword

The wizard will ask for a few inputs to complete the setup. Then it will be ready for use. More details on how to use Jenkins is available here.

Show Comments